Archive for the ‘Servers’ Category

Exponent registration bug patcher

May 3rd, 2011

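In response to a recent ExponentCMS security vulnerability, in which a cross-site script injection lets anybody create a new admin user, I’ve written the following script that automatically applies the necessary patch. It replaces the conditional call to checkAdminFlags() in user.php with an unconditional one, and keeps the original file alongside as user.old.php.
Suggested usage: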


find /home/*/public_html/framework/datatypes -name user.php -exec python fixRegBug.py {} \;

 


#!/usr/bin/env python
# encoding: utf-8
"""
fixRegBug.py

Created by Ron Miller on 2011-05-03.
Copyright (c) 2011 Youcentric Solutions. All rights reserved.
"""

import sys
import os

# The guarded call that the patch replaces with an unconditional one.
VULNERABLE = "if(isset($params['is_admin']) || isset($params['is_acting_admin'])) $this->checkAdminFlags();"

def main():
    # sys.argv[1] raises IndexError when it is missing, so test the length instead.
    if len(sys.argv) < 2:
        print("Please specify path to user.php")
        sys.exit(255)
    target = sys.argv[1]
    directory = os.path.dirname(target)
    newpath = os.path.join(directory, "user.new.php")
    oldfile = open(target, "r")
    newfile = open(newpath, "w")
    for line in oldfile:
        if VULNERABLE in line:
            # Always run the admin-flag check; keep the newline so the next
            # line of the file is not joined onto this one.
            line = "\t$this->checkAdminFlags();\n"
            print("Found and fixed vulnerability in %s" % target)
        newfile.write(line)
    newfile.close()
    oldfile.close()
    # Keep the original as user.old.php, then move the patched copy into place.
    os.rename(target, os.path.join(directory, "user.old.php"))
    os.rename(newpath, target)

if __name__ == '__main__':
    main()
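
A follow-up check for the patch above, as an added example that is not part of the original post: it walks a directory tree and reports whether each framework/datatypes/user.php still contains the guarded call, already has the unconditional call, or has neither. The `classify` and `audit` names and the loose whitespace matching are assumptions of this example, which is written for Python 3.

```python
#!/usr/bin/env python3
"""Audit user.php files for the guarded checkAdminFlags() call (added example)."""
import os
import re
import sys

# Vulnerable form from the post: the call only runs when an admin flag is set.
# Whitespace is matched loosely so a reformatted copy of the line is still caught.
GUARDED = re.compile(
    r"if\s*\(\s*isset\(\s*\$params\['is_admin'\]\s*\)\s*\|\|\s*"
    r"isset\(\s*\$params\['is_acting_admin'\]\s*\)\s*\)\s*"
    r"\$this->checkAdminFlags\(\);")
# Patched form: the call is the first statement on its line, with no guard.
UNCONDITIONAL = re.compile(r"^[ \t]*\$this->checkAdminFlags\(\);", re.M)


def classify(php_source):
    """Return 'vulnerable', 'patched' or 'unknown' for the text of a user.php."""
    if GUARDED.search(php_source):
        return "vulnerable"
    if UNCONDITIONAL.search(php_source):
        return "patched"
    return "unknown"  # neither form found: inspect this file by hand


def audit(root):
    """Walk root and classify every framework/datatypes/user.php below it."""
    results = {}
    wanted = os.path.join("framework", "datatypes")
    for dirpath, _dirs, files in os.walk(root):
        if dirpath.endswith(wanted) and "user.php" in files:
            path = os.path.join(dirpath, "user.php")
            with open(path, "r", errors="replace") as handle:
                results[path] = classify(handle.read())
    return results


if __name__ == "__main__":
    found = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, state in sorted(found.items()):
        print("%-10s %s" % (state, path))
    # Non-zero exit while anything is still vulnerable, for use from cron.
    sys.exit(1 if "vulnerable" in found.values() else 0)
```

Run it against the same root the find command covers (for example /home) after patching; any file reported as unknown did not match either form and needs a manual look.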

Quick Summary of User Home Sizes

April 28th, 2009

I had a niche need to make an easy summary of user directory sizes for an FTP server where the users’ homes could be in one of a few locations. I whipped up this script which should make it easy even for an ultra-novice to get this summary:


#!/usr/bin/env python

import subprocess

def run_this(path):
    # Run du with an argument list instead of a shell string, so characters in
    # a home directory path are never interpreted as shell syntax.
    process = subprocess.Popen(["du", "-hs", "--", path], stdout=subprocess.PIPE,
                               stderr=subprocess.PIPE, universal_newlines=True)
    out, err = process.communicate()
    # du prints "<size><TAB><path>"; keep the size (what "cut -f 1" did).
    return out.split("\t", 1)[0]

print("Now calculating home directory size for all non-system users.\nThis may take a few minutes, please wait.")

passwd = open('/etc/passwd', 'r')
userlist = list()
for line in passwd:
    user = line.split(':')
    # Regular accounts start at UID 1000; skip the "nobody" account.
    if int(user[2]) >= 1000 and "nobody" not in user[0]:
        usage = run_this(user[5])
        # GECOS field: the full name is everything before the first comma.
        userlist.append([user[4].split(',', 1)[0], usage.strip()])
passwd.close()

print("\nStorage Consumed by Users")
print("------------------------------------------------\n")

for userinfo in userlist:
    print(userinfo[0] + "\t\t\t" + userinfo[1])

print("\n")

Quickly find disabled emails in Virtualmin

April 8th, 2009

Anybody who’s adminned a Virtualmin server has probably had update hell. One that I personally have had to wrangle with is where Virtualmin will randomly disable email accounts, resulting in frustrated users calling you when no one can email them. I’ve written a quick Python script to dump out a list of all disabled email accounts to reduce the inevitable frustration caused by this issue, allowing one to quickly find all of the disabled emails and re-enable them, hopefully before anyone complains. :)


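#!/usr/bin/env python

# Collect every address that Postfix currently has a virtual mapping for.
virtual = open('/etc/postfix/virtual', 'r')
activemails = list()
for line in virtual:
    if '@' in line:
        activemails.append(line.split(None, 1)[0])
virtual.close()

# Mail users appear in /etc/passwd with an '@' in the account name; print
# those that have a usable shell entry but no mapping in the Postfix table.
passwd = open('/etc/passwd', 'r')
for line in passwd:
    if '@' in line and '/bin/false' not in line:
        email = line.split(':', 1)[0]
        if email not in activemails:
            print(email)
passwd.close()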